file:saml-internet-drafts-analyzed-2006-10-04-1500h.txt
editor: Jeff Hodges
-------
SUMMARY
-------
This is based on a grep of current IETF Internet-Drafts for the term "SAML" as
of 2006-10-04-1500h. As of 2006-10-09, the list of "hits" hadn't changed.

Here is a brief characterization of the sort of SAML usage in the I-Ds:

  SUBSTANTIVE SAML employment: 8
  Some SAML Incorporation: 10
  SAML referenced "in passing": 10

The drafts:
draft-alfano-aaa-qosprot-05.txt
draft-elwell-sip-tispan-connected-identity-01.txt
draft-fries-msec-mikey-applicability-00.txt
draft-fries-sipping-identity-enterprise-scenario-02.txt
draft-froment-sipping-spit-authz-policies-01.txt
draft-greco-sipping-roaming-00.txt
draft-guenther-geopriv-saml-policy-01.txt
draft-gurbani-sip-tls-use-00.txt
draft-gutmann-keycont-00.txt
draft-hartman-webauth-00.txt
draft-hodges-saml-lsso-00.txt
draft-housley-tls-authz-extns-07.txt
draft-ietf-msec-mikey-applicability-02.txt
draft-ietf-opsec-efforts-04.txt
draft-ietf-sip-saml-00.txt
draft-jennings-sip-charter-01.txt
draft-jennings-sipping-pay-04.txt
draft-klensin-rfc2821bis-00.txt
draft-lendl-domain-policy-ddds-02.txt
draft-merrells-dix-02.txt
draft-merrells-dix-assertion-00.txt
draft-niccolini-sipping-feedback-spit-02.txt
draft-rocky-sipping-override-barring-00.txt
draft-santesson-tls-supp-02.txt
draft-sasaki-sipping-tispan-adhoc-summary-00.txt
draft-schubert-sipping-saml-cpc-02.txt
draft-schwartz-sipping-spit-saml-01.txt
draft-shirey-secgloss-v2-07.txt
draft-tschofenig-dime-diameter-qos-00.txt
draft-tschofenig-enroll-bootstrapping-saml-02.txt
draft-tschofenig-nsis-gist-security-01.txt
draft-tschofenig-radext-qos-03.txt
draft-winterbottom-geopriv-held-sighting-00.txt
draft-winterbottom-http-location-delivery-03.txt
Details:
------------------------------------------
SUBSTANTIVE SAML employment
e.g. use/employment of SAML is the focus of
the spec
count: 8
------------------------------------------
draft-hodges-saml-lsso-00.txt:12:
SAMLv2 Lightweight Web Browser SSO Profile
.
.
.
draft-merrells-dix-02.txt
draft-merrells-dix-assertion-00.txt
.
.
.
[don't know if these dix specs will go anywhere]
draft-guenther-geopriv-saml-policy-01.txt:9:
SAML in Authorization Policies
express conditions with respect to SAML assertions, thereby
Internet-Draft SAML in Authorization Policies July 2005
4. SAML Condition Example . . . . . . . . . . . . . . . . . . . 6
5. SAML Condition Schema . . . . . . . . . . . . . . . . . . . 9
.
draft-ietf-sip-saml-00.txt:15:
SIP SAML Profile and Binding
.
.
.
draft-schubert-sipping-saml-cpc-02.txt:14:
Conveying CPC using the SAML
.
.
.
draft-schwartz-sipping-spit-saml-01.txt:15:
Assertion Markup Language (SAML)
Internet-Draft SPIT Prevention using SAML June 2006
the Security Assertion Markup Language (SAML) to warrant certain
4.3. Using SAML to Embed Security Attributes . . . . . . . . . 8
.
.
.
draft-tschofenig-enroll-bootstrapping-saml-02.txt:77:
5. Obtaining a SAML Artifact/Assertion . . . . . . . . . . . . . 13
5.1. SAML Artifact transport in EAP methods . . . . . . . . . . 13
5.2. SAML Artifact transport in PANA . . . . . . . . . . . . . 13
the Security Assertion Markup Language (SAML). For details about
SAML see [1], [2], [3] and [22]. Please note that it would be
Authorization Certificates are more limited than SAML mainly because
an authorization transport mechanism like SAML.
aims to describe how the SAML could be used to provide the user
however, in this draft the usage of SAML has been taken into account,
Two scenarios are meant to illustrate the functionality of SAML for
This scenario exploits the inclusion of SAML for SIP which has been
| INVITE + SAML Artifact |
.
.
------------------------------------------
Some SAML Incorporation:
e.g. SAML employed as an alternative "token"
format, and described/spec'd in a subsection
or three -- SAML employment/profiling is not
the focus of the spec.
NOTE: the ref'd specs could be substantive
count: 10
------------------------------------------
draft-fries-msec-mikey-applicability-00.txt:81:
4.2. SAML assisted DH-key agreement . . . . . . . . . . . . . . 9
o SAML assisted Diffie-Hellman key agreement as defined [Reference
to draft-moskowitz-MIKEY-SAML-DH]
4.2. SAML assisted DH-key agreement
This document [Reference to draft-moskowitz-MIKEY-SAML-DH] is
Diffie-Hellman key and the ID using the SAML (Security Association
Markup Language, [SAML_overview]) approach. Here the client's public
Diffie-Hellman-credentials are signed by the server to form a SAML
[SAML_overview]
Language (SAML) 2.0 Technical Overview, Working Draft"",
draft-greco-sipping-roaming-00.txt:11:
SIP and SAML roaming profile
Internet-Draft SIP and SAML roaming profile September 2006
(SAML) protocol and the Session Initiation Protocol (SIP).
4. Roaming SAML profile . . . . . . . . . . . . . . . . . . . . . 11
4.2. SAML roaming assertion . . . . . . . . . . . . . . . . . . 13
draft-hartman-webauth-00.txt:417:
Assertion Markup Language (SAML) is used to carry assertions (claims)
Security Assertion Markup Language (SAML) assertions. Since the
Kerberos server (KDC) is the SAML Authority. This will be much
4. An authorization data element needs to be defined to carry SAML
party. SAML is proposed as a mechanism to do this. In order to use
SAML, a profile of SAML for this application needs to be created.
An alternative that has been proposed is a SAML GSS-API mechanism
unless the SAML is inside the Kerberos ticket, then the client is
responsible for binding the SAML assertions to the Kerberos exchange
draft-housley-tls-authz-extns-07.txt:305:
(SAML) [SAML1.1][SAML2.0].
is a SAML Assertion; however, the SAML Assertion is fetched with the
intended SAML Assertion is obtained.
case saml_assertion: SAMLAssertion;
opaque SAMLAssertion<1..2^16-1>;
3.3.2. SAML Assertion
.
draft-ietf-msec-mikey-applicability-02.txt:79:
3.6. SAML assisted DH-key agreement . . . . . . . . . . . . . . 10
o SAML assisted Diffie-Hellman key agreement as defined [Reference
to draft-moskowitz-MIKEY-SAML-DH] (MIKEY-DHSAML)
3.6. SAML assisted DH-key agreement
This document [Reference to draft-moskowitz-MIKEY-SAML-DH] is
Diffie-Hellman key and the ID using the SAML (Security Association
Markup Language, [SAML_overview]) approach. Here the client's public
Diffie-Hellman-credentials are signed by the server to form a SAML
[SAML_overview]
Language (SAML) 2.0 Technical Overview, Working Draft"",
draft-jennings-sipping-pay-04.txt:63:
Assertion Markup Language (SAML). It relies on a third party to act
1.1. SAML Payment Scenario using Assertions . . . . . . . . . . 4
1.2. SAML Payment Scenario using URI References . . . . . . . . 5
.
draft-lendl-domain-policy-ddds-02.txt:245:
featured policy description language like SAML [13] or XACML [14].
o A record with policy-type "saml" shall contain an URL of a SAML
(SAML) V2.0 Technical Overview", July 2005.
draft-rocky-sipping-override-barring-00.txt:48:
each type of the functionalities. Some methods such as SAML, CPC,
3.1.1 A solution based on SAML.....................................4
Security Assertion Markup Language (SAML) [I-D.saml-tech-overview-
being developed by SSTC of OASIS. SAML is a XML-based framework for
SIP-SAML [I-D.draft-tschofenig-sip-saml-04] gives a method for using
SAML in collaboration with SIP to accommodate richer authorization
particular, it provides a way for SIP to refer to SAML objects, and
for recipients of SIP messages to use SAML in order to make more
based on SAML and another is on an extension header. More possible
3.1.1 A solution based on SAML
SAML is a XML-based framework for creating and exchanging security
| | SAML artifact| | |
| | INVITE + SAML artifact | |
| | | SAML request | |
| | | SAML response + Assertion |
draft-winterbottom-http-location-delivery-03.txt:94:
5.5.2. SAML "Assertion" or "EncryptedAssertion" Element . . . 22
verified. A SAML assertion MAY be provided in place of this element.
5.5.2. SAML "Assertion" or "EncryptedAssertion" Element
This element is taken from SAML 2.0 Core [OASIS.saml-core-2.0-os],
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress".
sign-on profile of SAML, identified by
"urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser". This profile is
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Markup Language (SAML) V2.0", OASIS Security Services TC
Security Assertion Markup Language (SAML) V2.0", OASIS
draft-winterbottom-geopriv-held-sighting-00.txt:96:
5.5.2. SAML "Assertion" or "EncryptedAssertion" Element . . . 22
verified. A SAML assertion MAY be provided in place of this element.
5.5.2. SAML "Assertion" or "EncryptedAssertion" Element
This element is taken from SAML 2.0 Core [OASIS.saml-core-2.0-os],
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress".
sign-on profile of SAML, identified by
"urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser". This profile is
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Markup Language (SAML) V2.0", OASIS Security Services TC
Security Assertion Markup Language (SAML) V2.0", OASIS
------------------------------------------
SAML referenced "in passing"
NOTE: tho the SAML mentions are non-substantive
themselves, there's other specs sometimes ref'd
in the SAML context that may be substantive
count: 15
------------------------------------------
draft-alfano-aaa-qosprot-05.txt:2482:
Tschofenig, H., "Using SAML for SIP",
draft-elwell-sip-tispan-connected-identity-01.txt:246:
Option 4: Longer term it is possible that SAML could also be used to
additional roundtrip) and option 4 (using SAML). Option 3 adds a
draft-fries-sipping-identity-enterprise-scenario-02.txt:76:
A.2. Enhancements to SIP Identity using SIP SAML . . . . . . . 9
Tschofenig, H., "Using SAML for SIP",
A.2. Enhancements to SIP Identity using SIP SAML
A document supporting this approach is provided in SIP-SAML
[I-D.tschofenig-sip-saml], which enables SAML assertions and
draft-froment-sipping-spit-authz-policies-01.txt:66:
SAML assertions (as introduced with SIP-SAML) and by the SPIT-SAML
Tschofenig, H., "SIP SAML Profile and Binding",
(SAML)", draft-schwartz-sipping-spit-saml-00 (work in
draft-gurbani-sip-tls-use-00.txt:302:
Certificates [4] or SAML be more appropriate here?
draft-gutmann-keycont-00.txt:413:
purpose security assertion language such as KeyNote [REF] or SAML [SAML].
[SAML] "Security Assertion Markup Language (SAML), Version 1.0", OASIS XML-
draft-ietf-opsec-efforts-04.txt:173:
6.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 28
6.26. OASIS Security Services (SAML) TC
Markup Language (SAML) as an OASIS standard. SAML is an XML
draft-jennings-sip-charter-01.txt:242:
4. Guidelines for the use of descriptive techniques such as SAML
Sep 2007 Using SAML for SIP to WGLC (PS)
Dec 2007 Using SAML for SIP to IESG (PS)
draft-klensin-rfc2821bis-00.txt:2330:
transactions in a session. MAIL (or SEND, SOML, or SAML) MUST NOT be
processing the obsolete SEND, SOML, or SAML commands) and use a null
MAIL, SAML, etc., commands) or "forward" (RCPT) addresses in the SMTP
commands (SEND, SAML, SOML) were rarely implemented, and changes in
Clients SHOULD NOT provide SEND, SAML, or SOML as services. Servers
draft-niccolini-sipping-feedback-spit-02.txt:691:
Assertion Markup Language (SAML)",
draft-santesson-tls-supp-02.txt:69:
another proposal transfers attribute certificates and SAML assertions
draft-sasaki-sipping-tispan-adhoc-summary-00.txt:191:
address this issue with SAML assertions would be a more favorable
the SAML based approach.
draft-tschofenig-dime-diameter-qos-00.txt:2538:
Tschofenig, H., "Using SAML for SIP",
draft-tschofenig-nsis-gist-security-01.txt:1601:
o Integration with SAML/Liberty infrastructure [SAMLOverview].
[SAMLOverview]
Language (SAML) V2.0 Technical Overview", OASIS
draft-tschofenig-radext-qos-03.txt:1013:
SAML as outlined in [18] and [19]. The structure of the token is
[19] Tschofenig, H., "SIP SAML Profile and Binding",
==============================================================================
end